Benefits

Passwords/PINs are not sent over the internet – network sniffing of passwords is impossible

No phishing vulnerability – no faked login form can intercept and read your credentials

About Public Key Infrastructure

A private/public key pair allows signing and encryption of messages like e-mails and can be used for authentication. Possession of a key pair alone does not provide a way of verifying that the user is who they claim to be. To complement it, someone is needed who asserts that the owner of a specific key pair is identity X. That someone is the CA, and the attestation used is the certificate. The certificate basically wraps the public key and augments it with information about who the user is – the certificate subject – and a validity period of the certificate. The information is signed by the CA, so that it cannot be altered without detection. The ITU-T standard which describes the format of a certificate is X.509.

A certificate is similar to your passport, which states that you are Mr. or Mrs. X and has some sophisticated methods to assure that the identity statement cannot be modified.

The Registration Authority in the real-life example mentioned above would be the passport authority, and the binding would be done through a certificate of birth, a social number or similar, depending on the country you are in.

An example of a real-life Validation Authority is the passport inspection when entering a country. They check your passport by comparing the photo or other biometric data in your passport with the person themselves, which means something noted in the passport is compared to something the person has.

On the internet such a visual inspection might not be suitable. In that case this “something a person has” is their private key. By encrypting or signing a message the sending person is identified, because only the matching public key is able to decrypt or verify the message. Yes, exactly that public key wrapped inside the certificate which states the binding of Mr. or Mrs. X to the public key.
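The two checks described above (the CA's signature over subject, public key and validity period, then proof that the presenter holds the matching private key) can be traced in the following added example, which is not part of the original page. It uses textbook RSA over small fixed primes and a JSON record in place of real X.509, and every function name and value in it is an assumption made for illustration.

```python
import hashlib, json

E = 65537  # public exponent

def keypair(p, q):
    """Textbook RSA from two primes; returns (public, private)."""
    n = p * q
    return {"n": n, "e": E}, {"n": n, "d": pow(E, -1, (p - 1) * (q - 1))}

def digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(priv, data):
    return pow(digest(data, priv["n"]), priv["d"], priv["n"])

def verify(pub, data, sig):
    return pow(sig, pub["e"], pub["n"]) == digest(data, pub["n"])

def signed_fields(cert):
    """Canonical bytes of everything the CA vouches for."""
    body = {k: v for k, v in cert.items() if k != "ca_signature"}
    return json.dumps(body, sort_keys=True).encode()

def issue(ca_priv, subject, public_key, not_before, not_after):
    """CA role: bind a subject and validity period to a public key."""
    cert = {"subject": subject, "public_key": public_key,
            "not_before": not_before, "not_after": not_after}
    cert["ca_signature"] = sign(ca_priv, signed_fields(cert))
    return cert

def authenticate(ca_pub, cert, now, challenge, response):
    """Validation role: return the proven subject, or None."""
    if not verify(ca_pub, signed_fields(cert), cert["ca_signature"]):
        return None  # altered, or not issued by this CA
    if not cert["not_before"] <= now <= cert["not_after"]:
        return None  # outside the validity period
    if not verify(cert["public_key"], challenge, response):
        return None  # presenter does not hold the private key
    return cert["subject"]

# Constructed demo data: Mersenne primes, far too small for real use.
CA_PUB, CA_PRIV = keypair(2**127 - 1, 2**107 - 1)
USER_PUB, USER_PRIV = keypair(2**89 - 1, 2**61 - 1)
CERT = issue(CA_PRIV, "Max Mustermann", USER_PUB, not_before=100, not_after=200)

if __name__ == "__main__":
    nonce = b"constructed-login-challenge"
    print(authenticate(CA_PUB, CERT, 150, nonce, sign(USER_PRIV, nonce)))
    forged = dict(CERT, subject="Someone Else")
    print(authenticate(CA_PUB, forged, 150, nonce, sign(USER_PRIV, nonce)))
```

A real verifier issues a fresh random challenge for every login, so that a captured response cannot be replayed, and relies on a vetted cryptographic library instead of hand-written RSA.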

Publish your certificate to your OpenID public profile – for additional use like email encryption and signature verification. See how our demo user Max Mustermann did it.

If your security requirements call for stronger authentication, get the ePass or StorePass USB smart card devices and follow the automatic enrollment procedure described above. Get the token at RS-Computer.